HPE Community
Operating System - HP-UX
1837738 Members
3627 Online
110118 Solutions
New Discussion

Prevent users from Logging

 
SOLVED
Go to solution
brian_31
Super Advisor

‎11-11-2004 12:19 PM

‎11-11-2004 12:19 PM

Prevent users from Logging

Team:

What is the best way to prevent the users from logging while i want the root to login. I can't go to single user mode.

Thanks

Brian
0 Kudos
Reply
8 REPLIES 8
Sridhar Bhaskarla
Honored Contributor

‎11-11-2004 12:34 PM

‎11-11-2004 12:34 PM

Re: Prevent users from Logging

Hi Brian,

Quite a few ways... The one I would prefer is to through inetd.sec file.

#cp /etc/inetd.sec /etc/inetd.sec.good
#vi /etc/inetd.sec

Add lines like

telnet allow ip_of_your_workstation
ftp allow ip_of_your_workstation
login allow ip_of_your_workstation
exec allow ip_of_your_workstation
shell allow ip_of_your_workstation

Run 'inetd -c'.

If you are running sshd, stop the daemon. Stop dtlogin process (/sbin/init.d/dtlogin stop).

Once you are done with your work, move the old inetd.sec back and run 'inetd -c' again to get it going. Start dtlogin and sshd processes.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Ermin Borovac
Honored Contributor

‎11-11-2004 12:52 PM

‎11-11-2004 12:52 PM

Re: Prevent users from Logging

Another way is to use NOLOGIN feature in /etc/default/security file. See security(4) for more information.

o Add NOLOGIN=1 to /etc/default/security file.
o Create /etc/nologin with the message you'd like your users to see.
o Stop dtlogin.

ssh should also check for existance of /etc/nologin file so there is no need to stop sshd.
0 Kudos
Reply
brian_31
Super Advisor

‎11-11-2004 01:45 PM

‎11-11-2004 01:45 PM

Re: Prevent users from Logging

Team:

/etc/default/security file can be used in trudted systems only right. Ours is not trusted. is there any other way?

Thanks

Brian
0 Kudos
Reply
Ermin Borovac
Honored Contributor

‎11-11-2004 01:56 PM

‎11-11-2004 01:56 PM

Solution

Re: Prevent users from Logging

As far as I know you don't need trusted system to use /etc/default/security. Although some of its parameters cannot be used on untrusted system (e.g. PASSWORD_HISTORY_DEPTH).
Reply
brian_31
Super Advisor

‎11-11-2004 02:02 PM

‎11-11-2004 02:02 PM

Re: Prevent users from Logging

you are right. i tried and it works. i also tried the inetd.sec file (there was no such file and i had to create one but still i am able to login after making the entries and running inetd -c). aslo is there any other way?

Thanks

Brian
0 Kudos
Reply
Ranjith_5
Honored Contributor

‎11-11-2004 02:39 PM

‎11-11-2004 02:39 PM

Re: Prevent users from Logging

Simple Method:

Hi Brian,

Easiest and Safest way is :

#>/etc/nologin OR
#touch /etc/nologin

After this kill all the users currently logged in to the system.They wont be able to login further.


See http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=147806
Regards,
Syam
0 Kudos
Reply
Ranjith_5
Honored Contributor

‎11-11-2004 02:40 PM

‎11-11-2004 02:40 PM

Re: Prevent users from Logging



Hi Brian,

Easiest and Safest way is :

#>/etc/nologin OR
#touch /etc/nologin

After this kill all the users currently logged in to the system.They wont be able to login further.

Regards,
Syam
0 Kudos
Reply
Ranjith_5
Honored Contributor

‎11-11-2004 02:42 PM

‎11-11-2004 02:42 PM

Re: Prevent users from Logging

Oooooooooooooooops I clicked twice when I found error in posting reply and it came twice. i am sorry
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.